10762241

Third-Party Platform for Tokenization and Detokenization of Network Packet Data

Published: September 1, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A system, comprising: a network tap configured to: intercept a network data packet before provision to an intended target electronic device; and provide the network data packet to a set of one or more inline tokenizers; the set of one or more inline tokenizers, configured in parallel to: receive one or more network data packets; identify, in the one or more network data packets, sensitive data; extract the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.

Plain English Translation

This invention relates to network security and data privacy. It addresses the need to protect sensitive data transmitted over a network without disrupting normal network operations. The system includes a network tap that intercepts network data packets before they reach their intended destination. The tap forwards the intercepted packets to a set of one or more inline tokenizers, which operate in parallel. Each tokenizer receives network data packets, identifies sensitive data within them, and extracts this sensitive data. The extracted sensitive data is then stored. The tokenizers then rebuild the network data packets, replacing the extracted sensitive data with a token. This token serves as a reference to the stored sensitive data. Finally, the rebuilt network data packets, now containing tokens instead of sensitive data, are sent to the intended target electronic device. This process masks sensitive information while allowing the rest of the packet to proceed to its destination.

Claim 2

Original Legal Text

2. The system of claim 1, comprising: a set of one or more detokenizers, configured in parallel to: rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.

Plain English Translation

This invention relates to a system for processing network data packets containing sensitive data, such as personal or confidential information, to ensure secure transmission while maintaining usability. The system addresses the challenge of protecting sensitive data during network communication by replacing it with tokens that reference the original data stored in a secure storage system. This approach allows the data to be reconstructed when needed while preventing unauthorized access during transmission. The system includes a set of one or more detokenizers configured in parallel to process the network data packets. These detokenizers are responsible for rebuilding the original network data packets by replacing the tokens with the corresponding sensitive data stored in the storage system. The rebuilt packets are then provided to the intended target electronic device, ensuring that the recipient receives the complete and accurate data. The parallel configuration of the detokenizers allows for efficient processing and scalability, accommodating varying network loads and ensuring timely delivery of the data. This system enhances data security by minimizing exposure of sensitive information during transmission while maintaining the integrity and usability of the transmitted data.

Claim 3

Original Legal Text

3. The system of claim 1, wherein the storage comprises a storage fabric.

Plain English Translation

A distributed storage system is designed to manage data across multiple storage devices in a scalable and resilient manner. The system addresses challenges in traditional storage architectures, such as limited scalability, single points of failure, and inefficient resource utilization. The storage system includes a storage fabric, which is a networked collection of storage devices interconnected to function as a unified storage resource. The storage fabric enables dynamic allocation of storage capacity and bandwidth, allowing the system to adapt to varying workload demands. It also provides redundancy and fault tolerance by distributing data across multiple devices, ensuring high availability and data integrity. The storage fabric may incorporate features such as data striping, replication, and erasure coding to optimize performance and reliability. Additionally, the system may include mechanisms for load balancing, caching, and data tiering to enhance efficiency. The storage fabric can be implemented using hardware-based or software-defined storage solutions, depending on the specific requirements of the deployment. This approach improves scalability, reduces operational complexity, and enhances overall system performance.

Claim 4

Original Legal Text

4. The system of claim 1 wherein the set of inline tokenizers are configured to encrypt the sensitive data after extracting the sensitive data from the one or more packets.

Plain English Translation

A system for processing network traffic involves analyzing data packets to identify and handle sensitive information. The system includes inline tokenizers that extract sensitive data from incoming packets. These tokenizers are further configured to encrypt the extracted sensitive data before processing or transmission. The encryption ensures that sensitive information remains protected throughout the system's operations. The system may also include components for detecting sensitive data patterns, such as personal identifiers or financial details, within the packet payloads. Once identified, the sensitive data is replaced with tokens or encrypted versions to prevent exposure. The system operates in real-time, processing packets as they traverse a network, and can be integrated into existing network infrastructure. The encryption step enhances security by ensuring that even if data is intercepted, it remains unreadable without proper decryption keys. This approach is particularly useful in environments where data privacy and compliance with regulations like GDPR or HIPAA are critical. The system may also include logging and reporting features to track data handling activities and maintain audit trails.

Claim 5

Original Legal Text

5. The system of claim 1, wherein the token is created from random numbers.

Plain English Translation

This is a system for generating and managing tokens in a secure authentication or authorization framework. The system addresses the need for secure, unpredictable token generation to prevent unauthorized access or tampering. The system includes a token generation module that creates tokens from random numbers, ensuring high entropy and resistance to prediction or brute-force attacks. The random number generation process may involve cryptographic techniques to further enhance security. The tokens are used to authenticate users, devices, or transactions within a networked environment, such as online services, financial systems, or access control mechanisms. The system may also include validation and verification modules to confirm the integrity and authenticity of the tokens during use. By deriving tokens from random numbers, the system mitigates risks associated with deterministic or predictable token generation methods, such as sequence-based or time-based tokens that can be exploited by attackers. The system may be integrated into existing security protocols or deployed as a standalone solution to improve the robustness of authentication processes. The random number-based token generation ensures that each token is unique and unpredictable, reducing the likelihood of successful attacks.

Claim 6

Original Legal Text

6. The system of claim 1, wherein the token is created from a cryptographic hash.

Plain English Translation

This invention relates to a system for generating and managing tokens using cryptographic hashing techniques. The system addresses the need for secure and verifiable token generation in digital environments, particularly where authentication, authorization, or data integrity is required. Cryptographic hashing ensures that tokens are unique, tamper-evident, and computationally infeasible to reverse-engineer, enhancing security in applications such as digital signatures, access control, or blockchain transactions. The system generates tokens by applying a cryptographic hash function to input data, producing a fixed-size output that serves as the token. The hash function is designed to be deterministic, meaning the same input always yields the same token, while also being collision-resistant to prevent different inputs from producing identical tokens. This ensures that tokens can be reliably verified and trusted. The token generation process may involve additional steps, such as incorporating a secret key or timestamp to further enhance security. The system may also include mechanisms for validating tokens by re-hashing input data and comparing it to the stored token, ensuring that the token has not been altered. This is particularly useful in scenarios where tokens are used to verify the authenticity of digital documents, transactions, or user identities. By leveraging cryptographic hashing, the system provides a robust solution for secure token generation, addressing challenges related to data integrity, authentication, and non-repudiation in digital systems.

Claim 7

Original Legal Text

7. The system of claim 1, wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.

Plain English Translation

The invention relates to a data processing system designed to identify and protect sensitive information within digital datasets. The system addresses the challenge of detecting and securing sensitive data, such as personal identifiers, financial details, or confidential business information, to prevent unauthorized access or leakage. The system employs regular expressions to define search patterns that match specific types of sensitive data. These patterns are applied to scan datasets, allowing the system to locate and flag sensitive information based on predefined criteria. For example, a regular expression may be configured to detect sequences of numbers matching a credit card format or email addresses following a standard structure. The system may also include additional components, such as a data storage module to retain identified sensitive data, a processing unit to analyze the data, and an interface for user interaction. The regular expressions can be customized or updated to adapt to different data formats or security requirements, ensuring flexibility in identifying evolving types of sensitive information. By using regular expressions, the system provides a scalable and efficient method for detecting sensitive data across large datasets, reducing the risk of data breaches and ensuring compliance with privacy regulations. The approach allows organizations to implement robust data protection measures while maintaining operational efficiency.

Claim 8

Original Legal Text

8. The system of claim 7, wherein the sensitive data is identified by searching for strings that match one or more of the regular expressions.

Plain English Translation

This invention relates to a data processing system designed to identify and protect sensitive information within digital data. The system addresses the challenge of detecting sensitive data, such as personal or confidential information, in large datasets to prevent unauthorized access or exposure. The system includes a data scanner that examines digital data to locate sensitive information. The sensitive data is identified by searching for strings that match predefined regular expressions, which are patterns designed to recognize specific types of sensitive data, such as credit card numbers, social security numbers, or other confidential identifiers. The system may also include a data processor that processes the identified sensitive data to apply security measures, such as encryption, redaction, or access restrictions. Additionally, the system may include a user interface that allows users to configure the regular expressions used for detection, adjust security policies, and review the results of the scanning process. The system is particularly useful in environments where data privacy and compliance with regulations, such as GDPR or HIPAA, are critical. By automating the detection and protection of sensitive data, the system helps organizations mitigate risks associated with data breaches and unauthorized data exposure.

Claim 9

Original Legal Text

9. The system of claim 7, wherein the corresponding search pattern comprises: a pattern to identify potential social security numbers.

Plain English Translation

The invention relates to a system for detecting and identifying sensitive information, such as social security numbers, within digital data. The system is designed to address the challenge of protecting personally identifiable information (PII) in large datasets, ensuring compliance with privacy regulations and preventing unauthorized access to sensitive data. The system includes a search module that scans digital content for predefined patterns. These patterns are configured to match specific data formats, such as the structure of social security numbers, which typically follow a standardized format (e.g., XXX-XX-XXXX). The search module applies these patterns to detect potential matches within the data, flagging them for further review or automated handling. Additionally, the system may include a validation module that verifies the detected patterns to reduce false positives. This could involve cross-referencing with known valid SSN ranges or applying additional contextual checks. The system may also integrate with data processing workflows to redact, encrypt, or restrict access to identified sensitive information, ensuring secure handling. The invention aims to enhance data security by automating the detection and protection of sensitive information, particularly in environments where manual review is impractical or inefficient. The system is adaptable to various data sources, including databases, documents, and communication logs, making it suitable for enterprise-level privacy compliance.

Claim 10

Original Legal Text

10. The system of claim 7, wherein the corresponding search pattern comprises: a pattern to identify potential credit card numbers.

Plain English Translation

A system for detecting and processing sensitive information in digital communications includes a pattern-matching module that identifies potential credit card numbers within transmitted data. The system monitors data streams, such as messages or files, to detect sequences that match known credit card number formats. These patterns typically follow standardized structures, such as 16-digit sequences with specific prefix ranges or Luhn algorithm validation. When a potential credit card number is detected, the system flags it for further action, such as encryption, masking, or alerting security personnel. The system may also integrate with existing security frameworks to enforce compliance with data protection regulations. By automatically identifying and handling credit card numbers, the system reduces the risk of unauthorized exposure or fraudulent use of financial information. The pattern-matching module can be configured to adapt to different card issuers or regional formats, ensuring broad applicability. The system operates in real-time, minimizing delays in data transmission while maintaining security. This approach enhances data privacy and regulatory compliance in digital communications.
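The flow described in claims 1, 2, 5 and 7 to 10 (regex identification, storage, random-number tokens, rebuild, detokenize), as an added example that is not code from the patent or from this page. Assumptions: the tokenizer sees one reassembled HTTP message rather than raw TCP segments, the `Vault` class is a hypothetical in-memory stand-in for the claimed storage, and the patterns, token format and sample request are constructed for illustration.

```python
import re
import secrets

# Search patterns in the sense of claims 7-10 (constructed for this example).
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
PAN_RE = re.compile(rb"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
TOKEN_RE = re.compile(rb"tok_[0-9a-f]{32}")          # hypothetical token format


def luhn_ok(candidate: bytes) -> bool:
    """Luhn checksum: discards digit runs that only look like card numbers."""
    digits = [c - 48 for c in candidate if 48 <= c <= 57]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class Vault:
    """Hypothetical in-memory stand-in for the storage of claim 1."""

    def __init__(self):
        self._by_token = {}

    def put(self, value: bytes) -> bytes:
        # Claim 5: the token is created from random numbers, so it carries
        # no information about the value it replaces.
        token = b"tok_" + secrets.token_hex(16).encode()
        self._by_token[token] = value
        return token

    def get(self, token: bytes):
        return self._by_token.get(token)


def tokenize(body: bytes, vault: Vault) -> bytes:
    """Identify, extract, store and replace sensitive strings in a payload."""
    def swap_pan(match):
        value = match.group(0)
        return vault.put(value) if luhn_ok(value) else value

    # SSNs first, so a card match can never span an adjacent SSN.
    body = SSN_RE.sub(lambda m: vault.put(m.group(0)), body)
    return PAN_RE.sub(swap_pan, body)


def detokenize(body: bytes, vault: Vault) -> bytes:
    """Restore stored values; unknown tokens are left untouched."""
    def restore(match):
        value = vault.get(match.group(0))
        return value if value is not None else match.group(0)

    return TOKEN_RE.sub(restore, body)


def rebuild_http(message: bytes, transform) -> bytes:
    """Apply transform to the body and recompute Content-Length.

    Tokens rarely have the same length as the data they replace, so a
    rebuilt message with a stale length header would be truncated or
    rejected by the receiver.
    """
    head, sep, body = message.partition(b"\r\n\r\n")
    new_body = transform(body)
    head = re.sub(rb"(?im)^(content-length:\s*)\d+",
                  lambda m: m.group(1) + str(len(new_body)).encode(), head)
    return head + sep + new_body


# Constructed sample request: a test SSN, a Luhn-valid test card number and
# a 16-digit order id that fails the Luhn check and must pass through.
BODY = (b'{"ssn": "123-45-6789", "card": "4111 1111 1111 1111", '
        b'"order_id": "1234567890123456"}')
SAMPLE_REQUEST = (b"POST /claims HTTP/1.1\r\nHost: app.example\r\n"
                  b"Content-Type: application/json\r\n"
                  b"Content-Length: " + str(len(BODY)).encode() +
                  b"\r\n\r\n" + BODY)


def demo():
    vault = Vault()
    outbound = rebuild_http(SAMPLE_REQUEST, lambda b: tokenize(b, vault))
    restored = rebuild_http(outbound, lambda b: detokenize(b, vault))
    return outbound, restored


if __name__ == "__main__":
    out, back = demo()
    print(out.decode())
    print(back == SAMPLE_REQUEST)
```

In this arrangement the vault holds the sensitive values in clear and becomes the component to protect; claim 4's encryption of the extracted data would apply inside `Vault.put`.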

Claim 11

Original Legal Text

11. The system of claim 1, wherein the sensitive data comprises content to censor.

Plain English Translation

A system for processing sensitive data includes a data analysis module that identifies and categorizes sensitive information within a dataset. The system further includes a data transformation module that applies predefined rules to modify or redact the sensitive data to ensure compliance with privacy regulations or organizational policies. The sensitive data may include content that requires censorship, such as profanity, confidential information, or restricted material. The system dynamically adjusts the transformation rules based on contextual factors, such as user roles or geographic restrictions, to ensure appropriate handling of the sensitive content. The system also includes a monitoring module that tracks the processing of sensitive data to maintain an audit trail and verify compliance. The system is designed to integrate with existing data processing workflows, allowing seamless implementation without disrupting operational efficiency. The primary goal is to protect sensitive information while maintaining the usability and integrity of the processed data.

Claim 12

Original Legal Text

12. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions that, when executed by one or more processors of a machine, cause the machine to: receive one or more network data packets of intercepted network data; identify, in the one or more network data packets, sensitive data; extract the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.

Plain English Translation

This invention relates to network data processing systems designed to protect sensitive information during transmission. The technology addresses the challenge of securing sensitive data in network communications, such as personal or financial information, from unauthorized access or exposure during interception. The system intercepts network data packets containing sensitive information, identifies and extracts the sensitive data, and stores it in a secure storage. The intercepted packets are then reconstructed with the sensitive data replaced by tokens, which serve as placeholders that can later be used to retrieve the original data. The rebuilt packets are then forwarded to their intended destination. This approach ensures that sensitive information is not transmitted in its original form, reducing the risk of exposure during transit. The system operates by analyzing network traffic, detecting and isolating sensitive content, and substituting it with tokens while maintaining the integrity and functionality of the communication. The stored sensitive data remains accessible only through authorized means, enhancing data security in network environments.

Claim 13

Original Legal Text

13. The machine-readable medium of claim 12, comprising machine-readable instructions that, when executed by the one or more processors of the machine, cause the machine to: rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.

Plain English Translation

This invention relates to network data processing, specifically systems for handling sensitive data in network communications. The problem addressed is the need to protect sensitive data transmitted over networks while ensuring the data remains usable for legitimate purposes. The solution involves intercepting network data packets containing sensitive information, extracting and storing the sensitive data in a secure storage system, and replacing it with a token that can later be used to retrieve the original data. The system then reconstructs the network data packets with the tokens and forwards them to their intended recipients. This approach allows sensitive data to be securely stored and accessed only by authorized systems, reducing exposure during transmission. The invention also includes mechanisms to rebuild the network data packets with the original sensitive data when needed, using the tokens to retrieve the stored information. This ensures that the data remains intact and usable for legitimate operations while minimizing security risks during transmission. The system is designed to work with various types of network data packets and can be integrated into existing network infrastructure to enhance data protection.

Claim 14

Original Legal Text

14. The machine-readable medium of claim 12, wherein the token is created from random numbers.

Plain English Translation

This invention relates to secure token generation for authentication systems. The problem addressed is the need for robust, unpredictable tokens to prevent unauthorized access in digital security protocols. The invention describes a method for generating tokens using random numbers to ensure high entropy and resistance to prediction or replication by attackers. The token generation process involves creating a token from random numbers, which are typically sourced from a cryptographically secure random number generator. This ensures the token is statistically unpredictable, making it difficult for adversaries to guess or reverse-engineer. The random number-based token is then used in authentication workflows, such as multi-factor authentication or session validation, to verify user identity or system access. The invention may also include additional features, such as token expiration, validation mechanisms, or integration with existing authentication frameworks. The random number generation step is a critical component, as it directly impacts the security strength of the token. By relying on randomness, the system mitigates risks associated with deterministic or weak token generation methods, such as sequential numbering or hash collisions. This approach is particularly useful in environments where security is paramount, such as financial transactions, healthcare systems, or enterprise networks. The use of random numbers ensures compliance with security standards and reduces vulnerabilities in authentication processes.

Claim 15

Original Legal Text

15. The machine-readable medium of claim 12, wherein the token is created from a cryptographic hash.

Plain English Translation

A system and method for secure data processing involves generating and managing tokens derived from cryptographic hashes to enhance data integrity and security. The technology operates in the domain of digital authentication and data verification, addressing challenges related to unauthorized access, data tampering, and secure token generation. The system creates tokens by applying a cryptographic hash function to input data, producing a unique and deterministic output that serves as a digital fingerprint. This token can be used to verify the authenticity and integrity of the original data without exposing the original content. The system may also include mechanisms for validating tokens against stored hash values, ensuring that any alteration in the original data results in a mismatched token. Additionally, the system may support token generation from various data sources, including user inputs, system logs, or transaction records, and can integrate with existing security frameworks to enforce access controls and audit trails. The use of cryptographic hashing ensures that tokens are resistant to reverse engineering, providing a robust solution for secure data handling in applications such as authentication, digital signatures, and data integrity checks.

Claim 16

Original Legal Text

16. The machine-readable medium of claim 12, comprising machine-readable instructions that, when executed by the one or more processors of the machine, cause the machine to run in parallel with a second machine that: receives a second one or more network data packets of second intercepted network data; identifies, in the second one or more network data packets, second sensitive data; extracts the second sensitive data from the second one or more packets; stores the second sensitive data in a second storage; rebuilds the second one or more network data packets into one or more second rebuilt network data packets, replacing the second sensitive data with a second token that may be used to identify the second sensitive data stored in the second storage; and provides the one or more second rebuilt network data packets to a second intended target electronic device.

Plain English Translation

This invention relates to a system for processing network data to protect sensitive information while allowing parallel processing across multiple machines. The system intercepts network data packets containing sensitive data, such as personal or confidential information, and processes them to ensure privacy and security. Each machine in the system receives network data packets, identifies sensitive data within them, and extracts this data for secure storage. The sensitive data is then replaced with a token that can later be used to retrieve the original data. The processed packets, now with tokens instead of sensitive information, are forwarded to their intended destination. The system operates in parallel across multiple machines, each handling its own set of intercepted network data packets. This parallel processing ensures efficient and scalable handling of network traffic while maintaining data privacy. The stored sensitive data is kept separate from the processed packets, reducing exposure risks. The tokens allow for reconstruction of the original data when needed, ensuring data integrity while protecting sensitive information during transmission. This approach is particularly useful in environments where large volumes of network traffic must be processed securely and efficiently.

Claim 17

Original Legal Text

17. The machine-readable medium of claim 12, wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.

Plain English Translation

A system and method for identifying sensitive data in electronic documents uses regular expressions to define search patterns for detecting sensitive information. The system scans electronic documents, such as files or databases, to locate sensitive data based on predefined regular expression patterns. These patterns match specific formats or sequences of characters commonly associated with sensitive information, such as credit card numbers, social security numbers, or personal identifiers. The system applies the regular expressions to the content of the documents, flagging any matches as potential sensitive data. The identified sensitive data can then be processed, redacted, or secured to prevent unauthorized access. The use of regular expressions allows for flexible and customizable detection of sensitive data across various document types and formats. This approach ensures that sensitive information is accurately identified and protected, reducing the risk of data breaches or unauthorized exposure. The system may also include additional features, such as pattern validation or context analysis, to improve the accuracy of sensitive data detection.

Claim 18

Original Legal Text

18. A computer-implemented method, comprising: receive, via the computer, one or more network data packets; identify, via the computer, in the one or more network data packets, sensitive data; extract, via the computer, the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild, via the computer, the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide, via the computer, the one or more rebuilt network data packets to the intended target electronic device.

Plain English Translation

This invention relates to network data processing, specifically for protecting sensitive information in network communications. The method involves intercepting network data packets to identify and extract sensitive data, such as personal or confidential information, before the packets reach their destination. The extracted sensitive data is stored in a secure storage system, and the original data packets are modified by replacing the sensitive information with tokens. These tokens serve as placeholders that can later be used to retrieve the original sensitive data from storage. The modified packets, now containing tokens instead of sensitive data, are then forwarded to the intended recipient device. This approach ensures that sensitive information is not transmitted in its original form over the network, reducing the risk of exposure or interception. The system can be used in various applications, such as secure data transmission, compliance with privacy regulations, or monitoring network traffic for sensitive content. The method is implemented using a computer system that processes the data packets in real-time, ensuring minimal disruption to network operations while enhancing data security.

Claim 19

Original Legal Text

19. The computer-implemented method of claim 18, wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.

Plain English Translation

This invention relates to computer-implemented methods for identifying and processing sensitive data within digital documents or datasets. The problem addressed is the need to accurately detect and handle sensitive information, such as personal identifiers, financial details, or confidential content, to ensure compliance with privacy regulations or security policies. The method involves analyzing digital content to locate sensitive data by applying regular expressions that define specific search patterns. These patterns are designed to match known formats or structures of sensitive information, such as email addresses, credit card numbers, or social security numbers. The system scans the content using these predefined patterns to identify instances of sensitive data. Once identified, the sensitive data can be processed in various ways, such as encryption, redaction, or logging, depending on the application requirements. The method ensures that sensitive information is detected and managed consistently across different types of digital content, reducing the risk of unauthorized exposure or misuse. The use of regular expressions allows for flexible and customizable pattern matching, enabling the system to adapt to different types of sensitive data and evolving regulatory standards. This approach improves the accuracy and efficiency of sensitive data detection compared to manual review or less sophisticated automated methods.

Claim 20

Original Legal Text

20. The computer-implemented method of claim 18, wherein the sensitive data comprises content to censor.

Plain English Translation

This invention relates to computer-implemented methods for processing sensitive data, specifically focusing on content that requires censorship. The method involves identifying and handling sensitive information within digital data to ensure compliance with privacy, security, or regulatory requirements. The system detects sensitive content, such as personal information, confidential data, or restricted material, and applies censorship techniques to modify, redact, or block the content as needed. The method may involve automated analysis of text, images, or other media to identify and process sensitive elements while preserving the remaining data. The approach ensures that sensitive information is properly managed to prevent unauthorized access or disclosure, addressing concerns in fields like data privacy, cybersecurity, and regulatory compliance. The system may integrate with existing data processing workflows to seamlessly apply censorship rules without disrupting normal operations. The method is designed to be adaptable, allowing customization of censorship criteria based on specific use cases or legal requirements. By automating the detection and handling of sensitive content, the invention improves efficiency and reduces the risk of human error in data management.

Patent Metadata

Filing Date

Unknown

Publication Date

September 1, 2020

Inventors

Thomas Bret Buckingham
Donald Nathaniel Holloway
Robert Aaron Ghavidel
Jennifer Nannery
Cory Landon Newsom
Robert Lawrence
Huihui Wu
Alejandra Valles


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “THIRD-PARTY PLATFORM FOR TOKENIZATION AND DETOKENIZATION OF NETWORK PACKET DATA” (10762241). https://patentable.app/patents/10762241
